56996e60aba707ba231a0bf2aa951d16_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

56996e60aba707ba231a0bf2aa951d16_JaffaCakes118
Size

141KB
MD5

56996e60aba707ba231a0bf2aa951d16
SHA1

99b91b91d0670f6a03f9efaaaf42fed0ecde55b0
SHA256

d4c5ef4d0d89121d3cc2cee3e274c6a720a19031c21920746db32aa25cbc22c4
SHA512

ead511adaf95c050f119aff750e90ac8b4fe05cefae3ec80d3eff346d07179111d6bbf12500e41ceca19051dbe96e73bee1350e67d3fc760c67416672d936f2f
SSDEEP

3072:xxGXZuQSmXYeHZoKE2tm0hQMWpp7AWUGvQHCsGqYrktkAWieY7S0+:xA87mIe5omNQtpnn0CfqYVieY2V

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/advpack.dll
unpack001/asctrls.ocx
unpack001/inseng.dll
unpack001/w95inf32.dll

Files

56996e60aba707ba231a0bf2aa951d16_JaffaCakes118
.cab
actsetup.inf
advpack.dll
.dll windows:5 windows x86 arch:x86

1fd78d8d29fa386675a5a52b8be69185

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwind

user32

GetSystemMetrics
GetWindowRect
UpdateWindow
CharUpperA
CharToOemA
OemToCharA
DispatchMessageA
MsgWaitForMultipleObjects
ShowWindow
CreateDialogParamA
DestroyWindow
PeekMessageA
GetDC
ReleaseDC
SetWindowPos
SendMessageA
SetDlgItemTextA
GetDlgItemTextA
GetDesktopWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
EnableWindow
EndDialog
DialogBoxParamA
MessageBeep
MessageBoxA
wsprintfA
CharPrevA
ExitWindowsEx
IsWindow
LoadStringA
CharNextA

gdi32

GetStockObject
GetObjectA
CreateFontIndirectA
GetDeviceCaps
DeleteObject

kernel32

GetPrivateProfileIntA
_lopen
GetVolumeInformationA
GetDiskFreeSpaceA
GetCurrentProcess
SetFileTime
GetFileTime
MulDiv
WritePrivateProfileSectionA
GetProfileStringA
ReadFile
GetSystemInfo
FindFirstFileA
GetProcAddress
GetLastError
FreeLibrary
lstrcpyA
lstrlenA
GetDriveTypeA
lstrcpynA
GetEnvironmentVariableA
CloseHandle
WriteFile
CreateFileA
WritePrivateProfileStringA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTempFileNameA
GetWindowsDirectoryA
GetTempPathA
SetFilePointer
LocalFree
LocalAlloc
GetModuleFileNameA
lstrcatA
IsBadReadPtr
DeleteFileA
LocalReAlloc
GetFileAttributesA
GetFullPathNameA
lstrcmpiA
FormatMessageA
FindClose
GetLocalTime
SearchPathA
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
LoadLibraryA
IsDBCSLeadByte
GetShortPathNameA
ExpandEnvironmentStringsA
GetSystemDirectoryA
MultiByteToWideChar
LoadLibraryExA
_lclose
_llseek
RemoveDirectoryA
FindNextFileA
GetFileSize
OpenFile
SetFileAttributesA
CreateDirectoryA
CreateProcessA
GetPrivateProfileSectionA
CopyFileA
UnmapViewOfFile
SetLastError
MapViewOfFileEx
CreateFileMappingA
MoveFileExA
MoveFileA

advapi32

RegQueryInfoKeyA
RegEnumKeyA
RegEnumValueA
RegDeleteKeyA
GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
RegUnLoadKeyA
RegLoadKeyA
RegSaveKeyA
RegFlushKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegQueryValueExA
RegCloseKey

ole32

CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

AddDelBackupEntry
AdvInstallFile
CloseINFEngine
DelNode
DelNodeRunDLL32
DllMain
DoInfInstall
ExecuteCab
ExtractFiles
FileSaveMarkNotExist
FileSaveRestore
FileSaveRestoreOnINF
GetVersionFromFile
GetVersionFromFileEx
IsNTAdmin
LaunchINFSection
LaunchINFSectionEx
NeedReboot
NeedRebootInit
OpenINFEngine
RebootCheckOnInstall
RegInstall
RegRestoreAll
RegSaveRestore
RegSaveRestoreOnINF
RegisterOCX
RunSetupCommand
SetPerUserSecValues
TranslateInfString
TranslateInfStringEx
UserInstStubWrapper
UserUnInstStubWrapper

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
asctrls.ocx
.dll regsvr32 windows:5 windows x86 arch:x86

14b42d6092e25368874b77c5e9a6f085

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

oleaut32

VariantClear
VariantInit
SysFreeString
RegisterTypeLi
LoadTypeLi
SysAllocStringLen
OleCreatePropertyFrame
LoadRegTypeLi
SysAllocString
VariantChangeType
SetErrorInfo
CreateErrorInfo
LHashValOfNameSys
VariantCopy

ole32

CreateOleAdviseHolder
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

user32

MessageBeep
MessageBoxA
wsprintfA
CharPrevA
GetKeyState
ScrollWindowEx
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
RegisterWindowMessageA
GetActiveWindow
GetSystemMetrics
GetCapture
SetCapture
GetFocus
PtInRect
GetWindow
InvalidateRect
SetFocus
SetParent
GetClientRect
EndPaint
DefWindowProcA
IsWindowVisible
CreateWindowExA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
CharNextA
GetDC
ReleaseDC
UnregisterClassA
PeekMessageA
MsgWaitForMultipleObjects
IsDialogMessageA
TranslateMessage
DispatchMessageA
MapWindowPoints
LoadStringA
ExitWindowsEx
EnableWindow
ShowWindow
GetParent
DestroyWindow
CreateDialogParamA
GetWindowRect
SetWindowPos
SetWindowTextA
SetCursor
PostMessageA
SetDlgItemTextA
DialogBoxParamA
GetWindowLongA
EndDialog
SetWindowLongA
GetWindowTextA
GetDlgItem
SendMessageA
LoadIconA
BeginPaint
CallWindowProcA

gdi32

SetWindowOrgEx
SetWindowExtEx
OffsetWindowOrgEx
SetViewportExtEx
LPtoDP
DeleteObject
CreateRectRgnIndirect
CreateDCA
SetMapMode
SetViewportOrgEx
GetDeviceCaps
DeleteDC

advapi32

AdjustTokenPrivileges
RegEnumKeyExA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegFlushKey

kernel32

InterlockedIncrement
GetLocaleInfoA
MulDiv
InterlockedDecrement
IsDBCSLeadByte
GetDiskFreeSpaceA
EnterCriticalSection
GetModuleFileNameA
MultiByteToWideChar
GetVersion
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
DisableThreadLibraryCalls
lstrcmpiA
GetSystemDirectoryA
CreateProcessA
GetCurrentProcess
SetEvent
FormatMessageA
Sleep
GetDriveTypeA
GetTickCount
CreateEventA
CreateThread
OpenEventA
WaitForSingleObject
CloseHandle
lstrcatA
GetFileAttributesA
lstrcpynA
lstrlenW
WideCharToMultiByte
LoadLibraryA
GetProcAddress
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
lstrlenA
lstrcpyA
LeaveCriticalSection

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
inseng.dll
.dll regsvr32 windows:5 windows x86 arch:x86

3ff3b4909b48db47ce0661f97a28aea3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringLen
SysStringLen

ole32

CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree

urlmon

RegisterBindStatusCallback
CreateURLMoniker

wininet

DeleteUrlCacheEntry

user32

LoadCursorA
CharPrevA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
wsprintfA
MessageBeep
SetForegroundWindow
GetForegroundWindow
SetCursor
LoadStringA
MessageBoxA
FindWindowA
SendNotifyMessageA
SystemParametersInfoA
FindWindowExA
CharNextA
CharUpperA
GetDesktopWindow
IsDialogMessageA
TranslateMessage
GetActiveWindow

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

kernel32

lstrcatA
FindNextFileA
GetLastError
lstrcmpA
CreateDirectoryA
GetModuleFileNameA
GetDiskFreeSpaceA
MulDiv
IsDBCSLeadByte
GetFileSize
ReadFile
GetLocalTime
GetSystemInfo
GetVersionExA
MultiByteToWideChar
GetSystemDirectoryA
GetSystemTimeAsFileTime
CreateProcessA
SetFileAttributesA
GetVolumeInformationA
GetDriveTypeA
SetErrorMode
CreateEventA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
WriteFile
SetEvent
lstrcpynA
ResetEvent
CreateFileA
lstrcpyA
CopyFileA
ReleaseMutex
GetExitCodeThread
CreateThread
lstrlenA
GetExitCodeProcess
HeapAlloc
GetModuleHandleA
CreateMutexA
DeleteFileA
GetTickCount
lstrcmpiA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
FreeLibrary
RtlUnwind
GetShortPathNameA
GetFileAttributesA
FindClose
HeapReAlloc
HeapFree
MoveFileA
FindFirstFileA
GetWindowsDirectoryA
GetProcAddress
LoadLibraryA
WritePrivateProfileSectionA
DeleteCriticalSection
LocalFree
GetPrivateProfileSectionA
LocalAlloc
WaitForSingleObject
InterlockedIncrement
DisableThreadLibraryCalls
InitializeCriticalSection
GetProcessHeap
InterlockedDecrement

advpack

ExtractFiles
DelNode
IsNTAdmin
RegInstall
GetVersionFromFile
RunSetupCommand
ExecuteCab
TranslateInfString
TranslateInfStringEx
OpenINFEngine
CloseINFEngine

Exports

Exports

CheckForVersionConflict
CheckTrust
CheckTrustEx
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
GetICifFileFromFile
GetICifRWFileFromFile
PurgeDownloadDirectory

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
w95inf16.dll
w95inf32.dll
.dll windows:4 windows x86 arch:x86

5f75d18fe563266a560ac1f72bd4cae2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SUnMapLS_IP_EBP_16
SMapLS_IP_EBP_16
SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_12
ThunkConnect32
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_8

user32

MessageBoxA

Exports

Exports

CtlSetLddPath32@8
GenFormStrWithoutPlaceHolders32@12
GenInstall32@20
GetSETUPXErrorText32@12
w95thk_ThunkData32

Sections

.text
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 247B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 173B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fd78d8d29fa386675a5a52b8be69185

Headers

File Characteristics

Imports

ntdll

user32

gdi32

kernel32

advapi32

ole32

version

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 69KB

.data Size: 1KB - Virtual size: 52KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 5KB - Virtual size: 5KB

14b42d6092e25368874b77c5e9a6f085

Headers

File Characteristics

Imports

oleaut32

ole32

user32

gdi32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 58KB

.data Size: 512B - Virtual size: 512B

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 4KB - Virtual size: 3KB

3ff3b4909b48db47ce0661f97a28aea3

Headers

File Characteristics

Imports

oleaut32

ole32

urlmon

wininet

user32

advapi32

kernel32

advpack

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 62KB

.data Size: 512B - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

5f75d18fe563266a560ac1f72bd4cae2

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 512B - Virtual size: 400B

.rdata Size: 512B - Virtual size: 247B

.data Size: 512B - Virtual size: 173B

.idata Size: 512B - Virtual size: 320B

.rsrc Size: 1024B - Virtual size: 908B

.reloc Size: 512B - Virtual size: 92B

.text
Size: 69KB - Virtual size: 69KB

.data
Size: 1KB - Virtual size: 52KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 58KB - Virtual size: 58KB

.data
Size: 512B - Virtual size: 512B

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 62KB - Virtual size: 62KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 512B - Virtual size: 400B

.rdata
Size: 512B - Virtual size: 247B

.data
Size: 512B - Virtual size: 173B

.idata
Size: 512B - Virtual size: 320B

.rsrc
Size: 1024B - Virtual size: 908B

.reloc
Size: 512B - Virtual size: 92B